3. Proof-of-work analysis

Adam Back adam at cypherspace.org
Tue May 18 18:49:11 EDT 2004


Here's a forward of parts of an email I sent to Richard with comments on
his and Ben's paper (sent me a pre-print off-list a couple of weeks ago):


One obvious comment is that the calculations do not take account of
the CAMRAM approach of charging for introductions only.  You mention
this in the final para of conclusions as another possible.


My presumption tho don't have hard stats to measure the effect is that
much of email is to-and-fro between existing correspondents.  So if I
were only to incur the cost of creating a stamp at time of sending to
a new recipient, I could bear a higher cost without running into
limits.

However the types of levels of cost envisaged are aesthetically
unpleasing; I'd say 15 seconds is not very noticeable 15 mins is
noticeable and 1.5 hrs is definately noticeable.


Of course your other point that we don't know how spammers will adapt
is valid.  My presumption is that spam would continue apace, the best
you could hope for would be that it is more targetted, that there are
financial incentives in place to make it worth while buying
demographics data.  (After all when you consider the cost of sending
junk paper mail is way higher, printing plus postage, and yet we still
receive plenty of that).

Also as you observe if the cost of spamming goes up, perhaps they'll
just charge more.  We don't know how elastic the demand curve is.
Profitability, success rates etc are one part of it.  There is an
interplay also: if quantity goes down, perhaps the success rate on the
remaining goes up.  Another theory is that a sizeable chunk of spam is
just a ponzi scheme: the person paying does not make money, but a lot
of dummy's keep paying for it anyway.




Another potential problem with proof-of-work on introductions only, is
that if the introduction is fully automated without recipient opt-in,
spammers could also benefit from this amortized cost.  So I would say
something like the sender sent a proof-of-work, and the recipient took
some positive action, like replying, filing otherwise than junk or
such should be the minimum to get white-listed.




On the ebiz web site problem, I think these guys present a problem for
the whole approach.  An ebiz site will want to send lots of mail to
apparent new recipients (no introductions only saving), a popular ebiz
site may need to send lots of mail.


Well it is ebiz so perhaps they just pass the cost on to the consumer
and buy some more servers.




Another possibility is the user has to opt-in by pre-white-listing
them, however the integration to achieve this is currently missing and
would seem a difficult piece of automation to retrofit.




One of the distinguishing characteristics of a spammer is the
imbalance between mail sent and mail received.  Unfortunately I do not
see a convenient way to penalize people who fall into this category.




Also because of network effect concerns my current hashcash deployment
is to use it as a way to reduce false positives, rather than directly
requiring hashcash.  Well over time this could come to the same thing,
but it gives it a gentle start, so we'll see how long it is before the
1st genuine spam with hashcash attached.

CAMRAM's approach is distinct and is literally going straight for the
objective of bouncing mail without some kind of proof (hashcash or
reverse-turing, or short term ability to reply to email
challenge-response).

Adam

Richard Clayton wrote:
> [...] Ben Laurie) and I have recently
> been doing some sums on proof-of-work / client puzzles / hashcash
> methods of imposing economic constraints upon the sending of spam...
> 
> Ben wanted to know how big a proof was needed for a practical scheme
> he was considering -- and I told him it wasn't going to work. We then
> carefully worked through all the calculations, using the best data
> that we could obtain -- and we did indeed come to the conclusion that
> proof-of-work is not a viable proposal :(

> Paper:
> 
>      http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list